...
Each Kafka client should have its own keystore/truststore pair, and both should be added to the client configuration:
Spring Boot
```yaml
spring:
  kafka:
    ssl:
      # spring.kafka.ssl.protocol maps to Kafka's ssl.protocol (the SSLContext protocol name)
      protocol: SSL
      key-password: ${keyPassword}
      key-store-type: jks
      key-store-location: ${keystoreLocation}
      key-store-password: ${keystorePassword}
      trust-store-type: jks
      trust-store-location: ${truststoreLocation}
      trust-store-password: ${truststorePassword}
```
...
Producer/consumer settings include the following values, taken from environment variables:

```properties
ssl.protocol: SSL
ssl.key.password: ${ca-key password}
ssl.keystore.type: jks
ssl.keystore.password: ${keystore password}
ssl.keystore.location: ${path to the client.keystore.jks}
ssl.truststore.type: jks
ssl.truststore.password: ${truststorePassword}
ssl.truststore.location: ${path to the client.truststore.jks}
```
...
Script to grant ${username} producer/consumer access to all topics whose names start with ${prefix}:

```bash
# Producer access to every topic whose name starts with ${prefix}
kafka-acls.sh --bootstrap-server ${kafkaHost} --command-config ${configPath} \
  --add --allow-principal User:${username} \
  --producer --topic ${prefix} --resource-pattern-type prefixed

# Consumer access; --resource-pattern-type applies to every resource in the
# command, so ${consumerGroup} is matched as a prefix too
kafka-acls.sh --bootstrap-server ${kafkaHost} --command-config ${configPath} \
  --add --allow-principal User:${username} \
  --consumer --topic ${prefix} --group ${consumerGroup} --resource-pattern-type prefixed
```
Script to revoke producer/consumer access:

```bash
# Revoke producer access (kafka-acls.sh asks for confirmation unless --force is given)
kafka-acls.sh --bootstrap-server ${kafkaHost} --command-config ${configPath} \
  --remove --allow-principal User:${username} \
  --producer --topic ${prefix} --resource-pattern-type prefixed

# Revoke consumer access; principal, prefix, group and pattern type must match the grant
kafka-acls.sh --bootstrap-server ${kafkaHost} --command-config ${configPath} \
  --remove --allow-principal User:${username} \
  --consumer --topic ${prefix} --group ${consumerGroup} --resource-pattern-type prefixed
```
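Added example (not part of the original page): a shell wrapper that builds the grant and revoke commands above from one function, so a revoke always uses the same principal, prefix and pattern type as the grant, and that rejects an unset prefix or a `*` principal before anything reaches the cluster. The function names, the `KAFKA_ACLS` variable and the character allowlists for usernames and group names are assumptions of this example.

```shell
#!/usr/bin/env sh
# Added example: build grant/revoke kafka-acls.sh arguments in one place.
# KAFKA_ACLS, valid_name, valid_user, acl_cmd and acl_apply are hypothetical names.
KAFKA_ACLS="${KAFKA_ACLS:-kafka-acls.sh}"

# Kafka topic names may contain only ASCII alphanumerics, '.', '_' and '-'.
# Assumption: consumer group names here follow the same rule.
valid_name() { case "$1" in ''|*[!A-Za-z0-9._-]*) return 1 ;; esac; }

# Assumption: principals are short names or DNs without spaces. The allowlist
# excludes '*', so the wildcard principal User:* can never be passed by mistake.
valid_user() { case "$1" in ''|*[!A-Za-z0-9._=,@-]*) return 1 ;; esac; }

# acl_cmd <add|remove> <producer|consumer> <username> <prefix> [consumerGroup]
# Prints the ACL arguments one per line; returns 2 on invalid input.
acl_cmd() {
  action=${1:-} role=${2:-} user=${3:-} prefix=${4:-} group=${5:-}
  case "$action" in
    add|remove) ;;
    *) echo "action must be add or remove" >&2; return 2 ;;
  esac
  valid_user "$user"   || { echo "invalid or empty username" >&2; return 2; }
  valid_name "$prefix" || { echo "invalid or empty prefix" >&2; return 2; }
  set -- "--$action" --allow-principal "User:$user"
  case "$role" in
    producer) set -- "$@" --producer --topic "$prefix" ;;
    consumer)
      valid_name "$group" || { echo "consumer needs a valid group" >&2; return 2; }
      set -- "$@" --consumer --topic "$prefix" --group "$group" ;;
    *) echo "role must be producer or consumer" >&2; return 2 ;;
  esac
  printf '%s\n' "$@" --resource-pattern-type prefixed
}

# acl_apply takes the same arguments and runs the command against the cluster.
# kafkaHost and configPath are the page's variables, read from the environment.
acl_apply() {
  args=$(acl_cmd "$@") || return
  : "${kafkaHost:?kafkaHost is not set}" "${configPath:?configPath is not set}"
  # Unquoted on purpose: the validated values contain no whitespace or globs.
  "$KAFKA_ACLS" --bootstrap-server "$kafkaHost" --command-config "$configPath" $args
}
```

For example, `acl_cmd add consumer alice orders. billing` prints the arguments for review, and `acl_apply remove consumer alice orders. billing` later revokes exactly that grant.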
...